[ANNOUNCE] Git, and others

Junio C Hamano gitster at pobox.com
Wed Aug 31 22:00:56 BST 2011

The latest maintenance release Git is available at the
usual places:


  git-{gz,bz2}			(source tarball)
  git-htmldocs-{gz,bz2}		(preformatted docs)
  git-manpages-{gz,bz2}		(preformatted docs)

The RPM binary packages for a few architectures are found in:

  RPMS/$arch/git-*-$arch.rpm	(RPM)

Among many fixes since v1.7.3.3, it contains a fix to a recently
discovered XSS vulnerability in Gitweb (CVE 2010-3906).  A backport
to an earlier maintenance track is available (replace with above).

The Gitweb fix has also been backported to maintenance tracks of other
earlier releases (,,,, and and are
available from the main repository and shortly will be available from its



Git v1.7.3.4 Release Notes

Fixes since v1.7.3.3

 * Smart HTTP transport used to incorrectly retry redirected POST
   request with GET request.

 * "git apply" did not correctly handle patches that only change modes
   if told to apply while stripping leading paths with -p option.

 * "git apply" can deal with patches with timezone formatted with a
   colon between the hours and minutes part (e.g. "-08:00" instead of

 * "git checkout" removed an untracked file "foo" from the working
   tree when switching to a branch that contains a tracked path
   "foo/bar".  Prevent this, just like the case where the conflicting
   path were "foo" (c752e7f..7980872d).

 * "git cherry-pick" or "git revert" refused to work when a path that
   would be modified by the operation was stat-dirty without a real
   difference in the contents of the file.

 * "git diff --check" reported an incorrect line number for added
   blank lines at the end of file.

 * "git imap-send" failed to build under NO_OPENSSL.

 * Setting log.decorate configuration variable to "0" or "1" to mean
   "false" or "true" did not work.

 * "git push" over dumb HTTP protocol did not work against WebDAV
   servers that did not terminate a collection name with a slash.

 * "git tag -v" did not work with GPG signatures in rfc1991 mode.

 * The post-receive-email sample hook was accidentally broken in

 * "gitweb" can sometimes be tricked into parrotting a filename argument
   given in a request without properly quoting.

Other minor fixes and documentation updates are also included.
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

More information about the git-announce mailing list